June 15, 2022 By Michael Massimi 3 min read


Does the world need another acronym? Probably not. But it seems like one is born every day in the cybersecurity market. As a tradeoff for the brain power to recall their cryptic meanings, we should at least expect progress on the technology front.

We have seen this before. With all that’s happened in the last decade, point products for network security became next-generation firewall appliances, creating an ease-of-use and centralized management interface. In the world of cloud security, we are now witnessing a consolidation of workload protection, vulnerability management, container security, and posture management — all designed to protect cloud native applications.

Enter CNAPP… But Will It Help?

Cloud Native Application Protection Platform (CNAPP) is a category defined by Gartner as “an integrated set of security and compliance capabilities designed to help secure and protect cloud-native applications across development and production.” With the move to shift left, customers are challenged to protect workloads throughout their lifecycles, and they will use every tool to accomplish that goal.

This leads us to the best practices for workload protection and how an integrated platform could streamline the process.

To keep application vulnerabilities from finding their way into production environments, IT teams should scan during all stages of development. No matter where the application resides, including hybrid and multi-cloud environments, workload protections must extend to it. For Kubernetes environments, such as Red Hat OpenShift, container protection must also be in place to cover all the bases.

Given that misconfigurations are the leading cause of cloud data breaches, it is important to implement a cloud security posture management (CSPM) solution to ensure that no ports or access are left open. Ultimately, cloud workload protection, in whatever form, will play a critical part in a zero trust architecture, where security policy follows the user regardless of where the data may reside.

Each security capability mentioned above requires a stand-alone product, as well as a trained resource to implement and manage the solution. Bridging visibility across these disparate solutions will remain a challenge, which opens the door for an integrated solution like CNAPP to drive efficiencies and consolidate cloud security into a single management platform.

What Are the Benefits of CNAPP?

CNAPP promises to ease the pain for customers with a single pane of glass for cloud native applications during development and, ultimately, for managing the workload, all while maintaining compliance standards. Integrating several cloud security features into one platform makes a lot of sense for customers, easing the burden of managing a complex environment and its risk. Finding the skills to implement and manage CNAPP may be the ultimate challenge, and will require the broad expertise of a seasoned global systems integrator that can handle the entirety of the cloud native lifecycle, including DevSecOps, workload protection, posture compliance, and ongoing vulnerability management.

Here are some of the high-level benefits of CNAPP:

  • Unified management console and visibility: Consolidate several cloud security capabilities under one platform
  • Cost reduction: Move from stand-alone products to one integrated platform that requires fewer dedicated resources
  • Comprehensive security: Gain an end-to-end approach for ongoing application security from development through production
  • Security automation: Embed controls inside the entire DevOps landscape, driving a shift-left culture

Security for cloud native applications is a complex world, but the right “utility knife” offers a collection of capabilities within one platform that collectively address several security and compliance challenges.

Looking for More Guidance on CNAPP?

The best course of action would be to speak with an experienced systems integrator that has consulting and managed services accreditation across the clouds your organization relies on. With their expertise, you can gain a better understanding of how CNAPP can protect your cloud native applications across development and production.
